Issues with IMAP authentication - doveadm auth test fails

I’m having issues with connecting to mail from remote and webmail. Here’s some information that should give some context.
I feel like I have tried everything so any help would be highly appreciated!

Here’s a snippet from the dovecot-info.log :

Nov 15 23:26:01 auth: Debug: auth client connected (pid=0)
Nov 15 23:26:01 auth: Debug: client in: AUTH	1	PLAIN	service=doveadm	debug	resp=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (previous base64 data may contain sensitive data)
Nov 15 23:26:01 auth: Debug: passwd(user@mydomain.com): Performing passdb lookup
Nov 15 23:26:01 auth-worker(780457): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Nov 15 23:26:01 auth-worker(780457): Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Nov 15 23:26:01 auth-worker(780457): Debug: conn unix:auth-worker (pid=772399,uid=111): Server accepted connection (fd=13)
Nov 15 23:26:01 auth-worker(780457): Debug: conn unix:auth-worker (pid=772399,uid=111): Sending version handshake
Nov 15 23:26:01 auth-worker(780457): Debug: conn unix:auth-worker (pid=772399,uid=111): auth-worker<1>: Handling PASSV request
Nov 15 23:26:01 auth-worker(780457): Debug: conn unix:auth-worker (pid=772399,uid=111): auth-worker<1>: passwd(user@mydomain.com): Performing passdb lookup
Nov 15 23:26:01 auth-worker(780457): Debug: conn unix:auth-worker (pid=772399,uid=111): auth-worker<1>: passwd(user@mydomain.com): lookup
Nov 15 23:26:01 auth-worker(780457): Info: conn unix:auth-worker (pid=772399,uid=111): auth-worker<1>: passwd(user@mydomain.com): Password mismatch
Nov 15 23:26:01 auth-worker(780457): Debug: conn unix:auth-worker (pid=772399,uid=111): auth-worker<1>: passwd(user@mydomain.com): CRYPT(100%mypassword) != 'x'
Nov 15 23:26:01 auth: Debug: passwd(user@mydomain.com): Finished passdb lookup
Nov 15 23:26:01 auth: Debug: auth(user@mydomain.com): Auth request finished
Nov 15 23:26:01 auth-worker(780457): Debug: conn unix:auth-worker (pid=772399,uid=111): auth-worker<1>: passwd(user@mydomain.com): Finished passdb lookup
Nov 15 23:26:01 auth-worker(780457): Debug: conn unix:auth-worker (pid=772399,uid=111): auth-worker<1>: Finished
Nov 15 23:26:03 auth: Debug: client passdb out: FAIL	1	user=user@mydomain.com
Nov 15 23:27:01 auth-worker(780457): Debug: conn unix:auth-worker (pid=772399,uid=111): Disconnected: Connection closed (fd=-1)

My dovecot configuration is below.
disclaimer: there might be some odd things here because of all the things I have tried. Please don’t judge me

# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-26-amd64 x86_64 Debian 11.8 
# Hostname: xxxxxx.contaboserver.net
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain cram-md5
auth_verbose = yes
disable_plaintext_auth = no
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = passwd
}
protocols = imap pop3 pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service submission-login {
  inet_listener submission {
    port = 587
  }
}
ssl_cert = </etc/ssl/virtualmin/xxxxxxxxxxxx/ssl.cert
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
userdb {
  driver = passwd
}
local_name mydomain.com {
  ssl_cert = </etc/ssl/virtualmin/xxxxxxxxxxxx/ssl.combined
  ssl_key = # hidden, use -P to show it
}
local_name *.mydomain.com {
  ssl_cert = </etc/ssl/virtualmin/xxxxxxxxxxxx/ssl.combined
  ssl_key = # hidden, use -P to show it
}

Somehow there is an issue matching the passwords I think(?)
Anyone who can point me in the right direction ?

Alternatively, is there a way to reset all config files for postfix and dovecot back to original ?
I have been troubleshooting so much by now that I no longer have an idea what the originals were. ( In the mean time I have learned that it’s possible to make backups of config files )

What software are you using for webmail?

Sometimes a fresh start does wonders
I found the issue.

Somehow auth-deny.conf.ext had :

# Example deny passdb using passwd-file. You can use any passdb though.

passdb {
 driver = passwd-file
 deny = yes

# File contains a list of usernames, one per line
  args = /etc/dovecot/deny-users
}

the thing is that when I did dovecot -n it wasn’t clear that it was in the auth-deny

Sorry for bothering. I had spent countless hours looking for the issue so I was getting hopeless.
Although I have no clue how that issue happened it may still be useful for someone one day…

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.